Privacy Now or Never: Large-Scale Extraction and Analysis of Dates in Privacy Policy Text

Mukund Srinath; Lee Matheson; Pranav Narayanan Venkit; Gabriela Zanfir-Fortuna; Florian Schaub; C. Lee Giles; Shomir Wilson

doi:10.1145/3573128.3609342

Privacy Now or Never: Large-Scale Extraction and Analysis of Dates in Privacy Policy Text

Mukund Srinath, Lee Matheson, Pranav Narayanan Venkit, Gabriela Zanfir-Fortuna, Florian Schaub, C. Lee Giles, Shomir Wilson

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

The General Data Protection Regulation (GDPR) and other recent privacy laws require organizations to post their privacy policies, and place specific expectations on organisations' privacy practices. Privacy policies take the form of documents written in natural language, and one of the expectations placed upon them is that they remain up to date. To investigate legal compliance with this recency requirement at a large scale, we create a novel pipeline that includes crawling, regex-based extraction, candidate date classification and date object creation to extract updated and effective dates from privacy policies written in English. We then analyze patterns in policy dates using four web crawls and find that only about 40% of privacy policies online contain a date, thereby making it difficult to assess their regulatory compliance. We also find that updates in privacy policies are temporally concentrated around passage of laws regulating digital privacy (such as the GDPR), and that more popular domains are more likely to have policy dates as well as more likely to update their policies regularly.

Original language	English (US)
Title of host publication	DocEng 2023 - Proceedings of the 2023 ACM Symposium on Document Engineering
Publisher	Association for Computing Machinery, Inc
ISBN (Electronic)	9798400700279
DOIs	https://doi.org/10.1145/3573128.3609342
State	Published - Aug 22 2023
Event	2023 ACM Symposium on Document Engineering, DocEng 2023 - Limerick, Ireland Duration: Aug 22 2023 → Aug 25 2023

Publication series

Name	DocEng 2023 - Proceedings of the 2023 ACM Symposium on Document Engineering

Conference

Conference	2023 ACM Symposium on Document Engineering, DocEng 2023
Country/Territory	Ireland
City	Limerick
Period	8/22/23 → 8/25/23

All Science Journal Classification (ASJC) codes

Computer Science Applications
Information Systems
Software

Access to Document

10.1145/3573128.3609342

Cite this

Srinath, M., Matheson, L., Venkit, P. N., Zanfir-Fortuna, G., Schaub, F., Lee Giles, C., & Wilson, S. (2023). Privacy Now or Never: Large-Scale Extraction and Analysis of Dates in Privacy Policy Text. In DocEng 2023 - Proceedings of the 2023 ACM Symposium on Document Engineering Article 3609342 (DocEng 2023 - Proceedings of the 2023 ACM Symposium on Document Engineering). Association for Computing Machinery, Inc. https://doi.org/10.1145/3573128.3609342

@inproceedings{e2b130ed274d47708647aed45a0ed3c2,

title = "Privacy Now or Never: Large-Scale Extraction and Analysis of Dates in Privacy Policy Text",

abstract = "The General Data Protection Regulation (GDPR) and other recent privacy laws require organizations to post their privacy policies, and place specific expectations on organisations' privacy practices. Privacy policies take the form of documents written in natural language, and one of the expectations placed upon them is that they remain up to date. To investigate legal compliance with this recency requirement at a large scale, we create a novel pipeline that includes crawling, regex-based extraction, candidate date classification and date object creation to extract updated and effective dates from privacy policies written in English. We then analyze patterns in policy dates using four web crawls and find that only about 40% of privacy policies online contain a date, thereby making it difficult to assess their regulatory compliance. We also find that updates in privacy policies are temporally concentrated around passage of laws regulating digital privacy (such as the GDPR), and that more popular domains are more likely to have policy dates as well as more likely to update their policies regularly.",

author = "Mukund Srinath and Lee Matheson and Venkit, {Pranav Narayanan} and Gabriela Zanfir-Fortuna and Florian Schaub and {Lee Giles}, C. and Shomir Wilson",

note = "Publisher Copyright: {\textcopyright} 2023 ACM.; 2023 ACM Symposium on Document Engineering, DocEng 2023 ; Conference date: 22-08-2023 Through 25-08-2023",

year = "2023",

month = aug,

day = "22",

doi = "10.1145/3573128.3609342",

language = "English (US)",

series = "DocEng 2023 - Proceedings of the 2023 ACM Symposium on Document Engineering",

publisher = "Association for Computing Machinery, Inc",

booktitle = "DocEng 2023 - Proceedings of the 2023 ACM Symposium on Document Engineering",

}

Srinath, M, Matheson, L, Venkit, PN, Zanfir-Fortuna, G, Schaub, F, Lee Giles, C & Wilson, S 2023, Privacy Now or Never: Large-Scale Extraction and Analysis of Dates in Privacy Policy Text. in DocEng 2023 - Proceedings of the 2023 ACM Symposium on Document Engineering., 3609342, DocEng 2023 - Proceedings of the 2023 ACM Symposium on Document Engineering, Association for Computing Machinery, Inc, 2023 ACM Symposium on Document Engineering, DocEng 2023, Limerick, Ireland, 8/22/23. https://doi.org/10.1145/3573128.3609342

Privacy Now or Never: Large-Scale Extraction and Analysis of Dates in Privacy Policy Text. / Srinath, Mukund; Matheson, Lee; Venkit, Pranav Narayanan et al.
DocEng 2023 - Proceedings of the 2023 ACM Symposium on Document Engineering. Association for Computing Machinery, Inc, 2023. 3609342 (DocEng 2023 - Proceedings of the 2023 ACM Symposium on Document Engineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Privacy Now or Never

T2 - 2023 ACM Symposium on Document Engineering, DocEng 2023

AU - Srinath, Mukund

AU - Matheson, Lee

AU - Venkit, Pranav Narayanan

AU - Zanfir-Fortuna, Gabriela

AU - Schaub, Florian

AU - Lee Giles, C.

AU - Wilson, Shomir

PY - 2023/8/22

Y1 - 2023/8/22

N2 - The General Data Protection Regulation (GDPR) and other recent privacy laws require organizations to post their privacy policies, and place specific expectations on organisations' privacy practices. Privacy policies take the form of documents written in natural language, and one of the expectations placed upon them is that they remain up to date. To investigate legal compliance with this recency requirement at a large scale, we create a novel pipeline that includes crawling, regex-based extraction, candidate date classification and date object creation to extract updated and effective dates from privacy policies written in English. We then analyze patterns in policy dates using four web crawls and find that only about 40% of privacy policies online contain a date, thereby making it difficult to assess their regulatory compliance. We also find that updates in privacy policies are temporally concentrated around passage of laws regulating digital privacy (such as the GDPR), and that more popular domains are more likely to have policy dates as well as more likely to update their policies regularly.

AB - The General Data Protection Regulation (GDPR) and other recent privacy laws require organizations to post their privacy policies, and place specific expectations on organisations' privacy practices. Privacy policies take the form of documents written in natural language, and one of the expectations placed upon them is that they remain up to date. To investigate legal compliance with this recency requirement at a large scale, we create a novel pipeline that includes crawling, regex-based extraction, candidate date classification and date object creation to extract updated and effective dates from privacy policies written in English. We then analyze patterns in policy dates using four web crawls and find that only about 40% of privacy policies online contain a date, thereby making it difficult to assess their regulatory compliance. We also find that updates in privacy policies are temporally concentrated around passage of laws regulating digital privacy (such as the GDPR), and that more popular domains are more likely to have policy dates as well as more likely to update their policies regularly.

UR - http://www.scopus.com/inward/record.url?scp=85173559623&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85173559623&partnerID=8YFLogxK

U2 - 10.1145/3573128.3609342

DO - 10.1145/3573128.3609342

M3 - Conference contribution

AN - SCOPUS:85173559623

T3 - DocEng 2023 - Proceedings of the 2023 ACM Symposium on Document Engineering

BT - DocEng 2023 - Proceedings of the 2023 ACM Symposium on Document Engineering

PB - Association for Computing Machinery, Inc

Y2 - 22 August 2023 through 25 August 2023

ER -

Srinath M, Matheson L, Venkit PN, Zanfir-Fortuna G, Schaub F, Lee Giles C et al. Privacy Now or Never: Large-Scale Extraction and Analysis of Dates in Privacy Policy Text. In DocEng 2023 - Proceedings of the 2023 ACM Symposium on Document Engineering. Association for Computing Machinery, Inc. 2023. 3609342. (DocEng 2023 - Proceedings of the 2023 ACM Symposium on Document Engineering). doi: 10.1145/3573128.3609342

Privacy Now or Never: Large-Scale Extraction and Analysis of Dates in Privacy Policy Text

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this